2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL
;
28 /************************************************************************
29 check workstation trust account status
30 ************************************************************************/
31 BOOL
trust_account_check(struct in_addr dest_ip
, char *dest_host
,
32 char *hostname
, char *domain
, fstring mach_acct
,
37 struct cli_state cli_trust
;
38 uchar lm_owf_mach_pwd
[16];
39 uchar nt_owf_mach_pwd
[16];
40 uchar lm_sess_pwd
[24];
41 uchar nt_sess_pwd
[24];
43 BOOL right_error_code
= False
;
48 char *change_mach_pwd
;
50 /* initial machine password */
51 fstrcpy(mach_pwd
, hostname
);
54 slprintf(tmp
, sizeof(tmp
) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
57 start_mach_pwd
= (char*)getpass(tmp
);
59 if (start_mach_pwd
[0] != 0)
61 fstrcpy(mach_pwd
, start_mach_pwd
);
64 slprintf(tmp
, sizeof(tmp
)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
67 change_mach_pwd
= (char*)getpass(tmp
);
69 if (change_mach_pwd
[0] != 0)
71 fstrcpy(new_mach_pwd
, change_mach_pwd
);
75 DEBUG(1,("trust_account_check: password change not requested\n"));
76 change_mach_pwd
[0] = 0;
79 DEBUG(1,("initialise cli_trust connection\n"));
81 if (!cli_initialise(&cli_trust
))
83 DEBUG(1,("cli_initialise failed for cli_trust\n"));
87 DEBUG(1,("server connect for cli_trust\n"));
89 if (!server_connect_init(&cli_trust
, hostname
, dest_ip
, dest_host
))
91 cli_error(&cli_trust
, &err_cls
, &err_num
);
92 DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust
)));
94 cli_shutdown(&cli_trust
);
98 DEBUG(1,("server connect cli_trust succeeded\n"));
100 nt_lm_owf_gen(mach_pwd
, nt_owf_mach_pwd
, lm_owf_mach_pwd
);
102 DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd
));
104 #ifdef DEBUG_PASSWORD
105 DEBUG(100,("client cryptkey: "));
106 dump_data(100, cli_trust
.cryptkey
, sizeof(cli_trust
.cryptkey
));
109 SMBencrypt(nt_owf_mach_pwd
, cli_trust
.cryptkey
, nt_sess_pwd
);
111 #ifdef DEBUG_PASSWORD
112 DEBUG(100,("nt_owf_mach_pwd: "));
113 dump_data(100, nt_owf_mach_pwd
, sizeof(lm_owf_mach_pwd
));
114 DEBUG(100,("nt_sess_pwd: "));
115 dump_data(100, nt_sess_pwd
, sizeof(nt_sess_pwd
));
118 SMBencrypt(lm_owf_mach_pwd
, cli_trust
.cryptkey
, lm_sess_pwd
);
120 #ifdef DEBUG_PASSWORD
121 DEBUG(100,("lm_owf_mach_pwd: "));
122 dump_data(100, lm_owf_mach_pwd
, sizeof(lm_owf_mach_pwd
));
123 DEBUG(100,("lm_sess_pwd: "));
124 dump_data(100, lm_sess_pwd
, sizeof(lm_sess_pwd
));
127 right_error_code
= False
;
129 if (cli_session_setup(&cli_trust
, mach_acct
,
130 nt_owf_mach_pwd
, sizeof(nt_owf_mach_pwd
),
131 nt_owf_mach_pwd
, sizeof(nt_owf_mach_pwd
), domain
))
133 DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n"));
134 cli_shutdown(&cli_trust
);
139 cli_error(&cli_trust
, &err_cls
, &err_num
);
141 if (err_num
== (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
))
143 DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n"));
144 right_error_code
= True
;
147 if (err_num
== (0xC0000000 | NT_STATUS_NO_SUCH_USER
))
149 DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n"));
150 right_error_code
= False
;
153 if (!right_error_code
)
155 DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust
)));
158 cli_shutdown(&cli_trust
);
159 return right_error_code
;